CentOS – Apache and SSL?

Posted on

CentOS – Apache and SSL? – Managing your servers can streamline the performance of your team by allowing them to complete complex tasks faster. Plus, it can enable them to detect problems early on before they get out of hand and compromise your business. As a result, the risk of experiencing operational setbacks is drastically lower.

But the only way to make the most of your server management is to perform it correctly. And to help you do so, this article will share nine tips on improving your server management and fix some problem about apache-2.2, centos, ssl, httpd, .

Hei all

i have problem for my SSL setup, when i put SSL Engine to on my Apache will not start up, if i remove it, its work fine.

i can’t finde the Apache log, so i can find out of whats happen here,

can sommen maby tell me the problem or link to the defualt log-path for Apache?

here is my vhost config file.

<VirtualHost *:443>
#   SSLEngine On
    SSLProtocol all
    SSLCertificateFile "/etc/pki/tls/schemecloud.co.uk.csr"
    SSLCertificateKeyFile "/etc/pki/tls/schemecloud.co.uk.key"
    SSLCACertificateFile "/etc/pki/tls/rapidssl.crt"
    ErrorLog "/var/www/error_ssl_log"

    <Directory /var/www/html>
    AllowOverride All
    </Directory>                                                 
    DocumentRoot /var/www/html/
    ServerName schemecloud.co.uk
 </VirtualHost>

Solution :

You are listing a .csr file for SSLCertificateFile. .csr files usually contain the Certificate Signing Request, which is not your certificate. You likely have a .crt file which you need to put in that directive.

The Apache log path on my Centos installations is “/var/log/httpd/”; however, it looks like you may be changing that path with the ErrorLog parameter.

For the configuration you’ve given, I suspect you may be using the wrong file for the SSLCertificateFile parameter; “.csr” usually means certificate signing request, and the certificate files that parameter requires are commonly named “.crt”.

Also, you may find this tutorial on getting Apache set up to use SSL helpful.

i can’t finde the Apache log, so i can find out of whats happen here,

You are overriding the default ErrorLog path in your configuration at this line:

ErrorLog "/var/www/error_ssl_log"

I recommend deleting that line, and just using the default ErrorLog instead. That way, all errors will be logged in the same spot. It’s a single daemon, and it really only needs one error log file, in most cases. In addition, /var/www/ is typically a directory to hold the web content (html files, images, error pages, icons, cgi scripts, etc.) You probably don’t want to store any error logs in there.

To find the default ErrorLog location, you will need to understand how Apache configuration works.

First search for ‘ErrorLog’ in your main httpd.conf. On a CentOS 5 box, you will see a line like this:

myhost $ grep ErrorLog /etc/httpd/conf*/*.conf
/etc/httpd/conf/httpd.conf:ErrorLog logs/error_log
myhost $

According to the documentation for the ErrorLog Directive:

If the file-path is not absolute then it is assumed to be relative to the ServerRoot.

On a CentOS 5 box, the ServerRoot is typically /etc/httpd

myhost $ grep ServerRoot "/etc/httpd" /etc/httpd/conf*/*.conf
/etc/httpd/conf/httpd.conf:ServerRoot "/etc/httpd"

This means that your default error log is at /etc/httpd/logs/, which happens to be a symlink to /var/log/httpd:

myhost $ ls -ld /etc/httpd/logs
lrwxrwxrwx 1 root root 19 Sep 29  2010 /etc/httpd/logs -> ../../var/log/httpd

Leave a Reply

Your email address will not be published. Required fields are marked *